Bug 1292923 - Adapt Packstack to newest puppet-keystone
Adapt Packstack to newest puppet-keystone
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack (Show other bugs)
8.0 (Liberty)
Unspecified Unspecified
unspecified Severity urgent
: ga
: 8.0 (Liberty)
Assigned To: Ivan Chavero
Rodrigo Duarte
: Automation, AutomationBlocker, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-18 13:40 EST by Ivan Chavero
Modified: 2016-04-07 17:20 EDT (History)
7 users (show)

See Also:
Fixed In Version: openstack-packstack-7.0.0-0.9.dev1661.gaf13b7e.el7ost
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-04-07 17:20:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 251978 None None None 2015-12-18 13:42 EST
Red Hat Product Errata RHEA-2016:0603 normal SHIPPED_LIVE Red Hat OpenStack Platform 8 Enhancement Advisory 2016-04-07 20:53:53 EDT

  None (edit)
Description Ivan Chavero 2015-12-18 13:40:56 EST
Commit 8461e9acfbf7783e69489a4bdd6a24532bd4e33a to puppet-keystone changed the way user roles are managed, by not creating automatically the _member_ role anymore, and removing option 'tenant' from the keystone_user provider.
Comment 3 Ivan Chavero 2015-12-18 14:16:14 EST
To verify this bug is fixed run: 
packstack --allione

Packstack should finish succesfully
Comment 6 Amit Ugol 2016-01-25 10:38:40 EST
# . keystonerc_admin
# keystone role-list
+----------------------------------+------------------+
|                id                |       name       |
+----------------------------------+------------------+
| 9aeff25940b14f4e960b5a6da5d2092c |  ResellerAdmin   |
| a02ecafd374948bf88b231c3687ce4a6 |  SwiftOperator   |
| 9fe2ff9ee4384b1894a90878d3e92bab |     _member_     |
| 7f23b1fcc9684578a0c42c62847dc7b3 |      admin       |
| 3a08d2ac185d4d96bc4e439a73485fab | heat_stack_owner |
| 429ba44420c64df181d676ef3ca6899b | heat_stack_user  |
+----------------------------------+------------------+

From the 1st comment, _member_ should not be created. Does it mean that the fix failed?
Comment 7 Martin Magr 2016-01-25 12:38:14 EST
Hi Amit, nope. Linked patch in gerrit was actually to create _member_ role, so the fix did the job.


Ivan, as a follow-up I would also like to see to fix this via Puppet modules. I'm thinking if the role creation was not moved to other Puppet class. If not we should at least submit upstream bug. I see that as a regression TBH.
Comment 8 Rodrigo Duarte 2016-02-03 14:34:04 EST
Verified for openstack-packstack-7.0.0-0.10.dev1684.g87ec498.el7ost (current puddle).

The command below finished ok

# packstack --allinone

Checked if the _member_ role is present

# source keystonerc_admin
# openstack role list
+----------------------------------+---------------+
| ID                               | Name          |
+----------------------------------+---------------+
| 37d659237e184b5aa7d08e255471ddf5 | SwiftOperator |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_      |
| e04ed2b1f5834f11b4d7387bdfffa96f | admin         |
| f13fc454d8ed4fa0862d2137caeec96d | ResellerAdmin |
+----------------------------------+---------------+

Checked if the "project_id" property is no longer displayed for a user (meaning the correct configuration after the "tenant" field removal)

# openstack user show admin
+----------+----------------------------------+
| Field    | Value                            |
+----------+----------------------------------+
| email    | root@localhost                   |
| enabled  | True                             |
| id       | 2a74833cb0e34106b55c10521cfb0482 |
| name     | admin                            |
| username | admin                            |
+----------+----------------------------------+
Comment 9 errata-xmlrpc 2016-04-07 17:20:15 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0603.html

Note You need to log in before you can comment on or make changes to this bug.